Re: named questions.

2008-03-13 Thread Derek Ragona

At 08:59 PM 3/12/2008, jekillen wrote:

> Hello:
> I have named running as secondary server on v6.2
> It will not start without a specific configuration file set
> on the command line. After doing some investigation
> it appears that that is because it runs chrooted and
> there is not a symlink from /etc/namedb. Is that a correct
> assumption? I read the man page and it specifies
> the default configuration file as /etc/namedb/named.conf
> and along with this file there are master and slave directories.
> Would I make the /etc/namedb/named.conf file to be a symlink
> to /var/named/etc/namedb/named.conf?


You can run named chrooted or not.  The default is to run chrooted.  Look in:
/etc/defaults/rc.conf
for all the named configuration options and default settings.

If you run chrooted be sure your chroot environment has a writeable directory 
for the slave files.




> There are some other entries in rc.conf related to named that
> appear in my primary nameserver rc.conf file that relate to getting
> it up at boot but I have lost root access to that machine so I cannot
> recover the rc.conf details and I do not remember what documentation
> I was using to set it up.


You should not need root access to read /etc/rc.conf.  This is usually 
given read by all perms.


However, in my rc.conf I set:
named_chroot_autoupdate=NO   # Automatically install/update chrooted
named_chrootdir=             # Chroot directory (or "" not to auto-chroot it)
named_enable=YES
named_flags=                 # quoted string for the command line
named_uid=                   # quoted user name to run as bind or root




> I was advised to start named as a user other than root but when I
> tried that named would not start because the user I set it to does
> not have write permission in the directory that has the pid file.


Your chroot environment must be set up correctly with the correct perms to 
write those files and to read the named.conf file.




> When named starts at boot what user does it run as, by default?


It will run by the named_uid you set in /etc/rc.conf

You will have an easier time getting named to run via the command line, 
then set /etc/rc.conf for the correct settings.


/usr/sbin/named -c [the path and name of named.conf] -u [the user name 
to run as] -t [chroot directory, or omit this setting if not chrooting]


-Derek


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
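The pre-flight checks Derek lists (named.conf readable inside the chroot, slave and pid directories writable by the unprivileged user) as an added shell script; it is not from the thread and assumes the FreeBSD 6.x layout of <chrootdir>/etc/namedb and <chrootdir>/var/run, with the demo run on a constructed temporary directory rather than a real chroot.

```shell
#!/bin/sh
# check_named_chroot <chrootdir> <named_user>
# Returns 0 when the chroot is usable by a non-root named, 1 otherwise,
# printing one line per problem so the failure is obvious before boot.
check_named_chroot() {
    chrootdir="$1"; user="$2"; rc=0
    if ! id "$user" >/dev/null 2>&1; then
        echo "no such user: $user"; return 1
    fi
    # named -c takes a path inside the chroot, so the file must live there
    conf="$chrootdir/etc/namedb/named.conf"
    if [ ! -r "$conf" ]; then
        echo "missing or unreadable: $conf"; rc=1
    fi
    # Slave zones are written to etc/namedb/slave, the pid file under var/run;
    # -user/-perm inspect owner and mode bits, so this is valid even when run as root.
    for sub in etc/namedb/slave var/run; do
        dir="$chrootdir/$sub"
        if [ ! -d "$dir" ]; then
            echo "missing directory: $dir"; rc=1
        elif [ -z "$(find "$dir" -maxdepth 0 -user "$user" -perm -200 2>/dev/null)" ]; then
            echo "$dir is not owned and writable by $user (zone transfer or pid file will fail)"; rc=1
        fi
    done
    return $rc
}

# Demo on a constructed layout in a temporary directory (not a real chroot).
# On a real host the call would be: check_named_chroot /var/named bind
demo=$(mktemp -d)
mkdir -p "$demo/etc/namedb/slave" "$demo/var/run"
: > "$demo/etc/namedb/named.conf"
check_named_chroot "$demo" "$(id -un)" && echo "constructed layout passes"
rm -rf "$demo"
```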


Re: named questions.

2008-03-13 Thread Mel
On Thursday 13 March 2008 02:59:35 jekillen wrote:

> I have named running as secondary server on v6.2
> It will not start without a specific configuration file set
> on the command line. After doing some investigation
> it appears that that is because it runs chrooted and
> there is not a symlink from /etc/namedb.

You should start it by:
echo 'named_enable=YES' >> /etc/rc.conf
/etc/rc.d/named start

This should by default create the symlink and populate the chroot directory. 
If there is already a directory /etc/namedb or a file /etc/namedb it will 
warn you.

Have a look at /etc/rc.d/named and the named_ variables 
in /etc/defaults/rc.conf.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


named questions.

2008-03-12 Thread jekillen

Hello:
I have named running as secondary server on v6.2
It will not start without a specific configuration file set
on the command line. After doing some investigation
it appears that that is because it runs chrooted and
there is not a symlink from /etc/namedb. Is that a correct
assumption? I read the man page and it specifies
the default configuration file as /etc/namedb/named.conf
and along with this file there are master and slave directories.
Would I make the /etc/namedb/named.conf file to be a symlink
to /var/named/etc/namedb/named.conf?

There are some other entries in rc.conf related to named that
appear in my primary nameserver rc.conf file that relate to getting
it up at boot but I have lost root access to that machine so I cannot
recover the rc.conf details and I do not remember what documentation
I was using to set it up.

I was advised to start named as a user other than root but when I
tried that named would not start because the user I set it to does
not have write permission in the directory that has the pid file.

When named starts at boot what user does it run as, by default?

Thank you for any guidance.
Jeff K



Re: named questions.

2008-03-12 Thread Paul A. Procacci

jekillen wrote:

> Hello:
> I have named running as secondary server on v6.2
> It will not start without a specific configuration file set
> on the command line. After doing some investigation
> it appears that that is because it runs chrooted and
> there is not a symlink from /etc/namedb. Is that a correct
> assumption? I read the man page and it specifies
> the default configuration file as /etc/namedb/named.conf
> and along with this file there are master and slave directories.
> Would I make the /etc/namedb/named.conf file to be a symlink
> to /var/named/etc/namedb/named.conf?



What you've read is correct.  chroot'ing does in fact prevent the 
program from traversing higher in the file hierarchy.
This makes sense as to why you need to specify the configuration file on 
the command line.  I presume named will
read the configuration file prior to chrooting.  I don't use named 
though as I have my preference, and can't be 100%
without looking at the source code.

A symlink does you no good due to my explanation above.  If you chroot, 
you lose the ability to get into /var or vice versa.

That's the whole purpose of 'change root'.


> There are some other entries in rc.conf related to named that
> appear in my primary nameserver rc.conf file that relate to getting
> it up at boot but I have lost root access to that machine so I cannot
> recover the rc.conf details and I do not remember what documentation
> I was using to set it up.
>
> I was advised to start named as a user other than root but when I
> tried that named would not start because the user I set it to does
> not have write permission in the directory that has the pid file.

named must be started as root in order to bind to port 53.  Afterwards I 
assume it changes its uid using some
configuration setting.  This is a standard practice nowadays amongst 
utilities needing to bind to reserved ports.
Check your config file to set the user you want to run the daemon as 
after it's done with its initialization
(i.e. binding to the port and creating the /var/run file), but remember 
you must physically start named as root in
order to get named working correctly.

> When named starts at boot what user does it run as, by default?


bind

That's a guess based on the following:

nat# fgrep bind /etc/passwd
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin


> Thank you for any guidance.
> Jeff K



more named questions . . .

2003-01-28 Thread Louis LeBlanc
I've been working on setting up named in a sandbox.  I got some
helpful hints here where I couldn't quite understand the handbook
(yes, I did read it, that doesn't necessarily mean I understood it :).

Anyway, I followed the handbook steps for sandboxing named exactly -
meaning I didn't even retype the commands, but copied them by mouse
from the handbook page.  This part is giving me some trouble:

# Symlink /var/run/ndc to /etc/namedb/var/run/ndc:

# ln -sf /etc/namedb/var/run/ndc /var/run/ndc

Note: This simply avoids having to specify the -c option to ndc(8)
every time you run it. Since the contents of /var/run are deleted on
boot, if this is something that you find useful you may wish to add
this command to root's crontab, making use of the @reboot option. See
crontab(5) for more information regarding this.


What are the chances this is wrong?  After completing the section, I
typed 'ndc start' at the root prompt, and got the following:

# ndc start
ndc: error: name server has not started (yet?)

So I tried to stop it:

# ndc stop
ndc: error: ctl_client: evConnect(fd 3): No such file or directory
ndc: error: cannot connect to command channel (/var/run/ndc)

And this didn't even stop named.  Something had to be wrong.  I did a
little more reading, and it looked to me like that command should have
been the other way around.  So I tried the following:

# rm /var/run/ndc 
# ln -s /var/run/ndc /etc/namedb/var/run/ndc
# ndc start
new pid is 42557

then, just to be sure:
# ndc stop

and named did quit.

Did I stumble on a typo in the handbook?  And if so, did I also
stumble on the CORRECT way to do it?


And, finally, once I got named started in this manner, I got the
following message in the /var/log/messages:

Jan 28 10:41:04 keyslapper named[42779]: check_hints: A records for
J.ROOT-SERVERS.NET class 1 do not match hint records

Doing a lookup, host gave 192.58.128.30 as the correct IP, but
named.root had 198.41.0.10.  When I changed named.root and restarted
named, the message went away.  Anyone else ever have this kind of
problem?


TIA

Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

QOTD:
  I'm not really for apathy, but I'm not against it either...

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
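The check_hints mismatch Louis hit (the hints file carrying 198.41.0.10 for J.ROOT-SERVERS.NET while the live answer was 192.58.128.30) as an added shell check that compares a named.root file against an address you have resolved separately; this is not from the thread, and the hints file in the demo is constructed to reproduce the stale entry.

```shell
#!/bin/sh
# hint_a_records <hints_file> <name>
# Print the A record(s) a root-hints file holds for one server name,
# ignoring ';' comments, letter case, a trailing dot and an optional IN class.
hint_a_records() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); sub(/\.$/, "", want) }
        { sub(/;.*/, "") }                      # strip comments, re-split fields
        NF >= 4 {
            n = tolower($1); sub(/\.$/, "", n)
            for (i = 2; i < NF; i++)            # NAME TTL [IN] A ADDR
                if (toupper($i) == "A") { if (n == want) print $(i + 1); break }
        }' "$1"
}

# check_hint <hints_file> <name> <expected_addr>
# 0: hints agree with the resolved address; 1: hints hold a different address
# (the condition named logs as "do not match hint records"); 2: name not in hints.
check_hint() {
    found=$(hint_a_records "$1" "$2")
    [ -n "$found" ] || return 2
    for a in $found; do
        [ "$a" = "$3" ] && return 0
    done
    echo "$2: hints say $found, resolver says $3 (stale named.root?)"
    return 1
}

# Demo on a constructed hints file carrying the stale entry from the thread.
hints=$(mktemp)
printf '; constructed root hints\n.\t3600000\tNS\tJ.ROOT-SERVERS.NET.\nJ.ROOT-SERVERS.NET.\t3600000\tA\t198.41.0.10\n' > "$hints"
check_hint "$hints" J.ROOT-SERVERS.NET 192.58.128.30 || echo "mismatch detected (exit $?)"
rm -f "$hints"
```

On a live host the third argument would come from a separate lookup (e.g. host j.root-servers.net) rather than being typed in.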



Re: more named questions . . .

2003-01-28 Thread Dan Pelleg
Louis LeBlanc [EMAIL PROTECTED] writes:

>
> And, finally, once I got named started in this manner, I got the
> following message in the /var/log/messages:
>
> Jan 28 10:41:04 keyslapper named[42779]: check_hints: A records for
> J.ROOT-SERVERS.NET class 1 do not match hint records
>
> Doing a lookup, host gave 192.58.128.30 as the correct IP, but
> named.root had 198.41.0.10.  When I changed named.root and restarted
> named, the message went away.  Anyone else ever have this kind of
> problem?
>

Lots of people; there was a lot of discussion in the mailing lists about
this. In fact, there is one going on right now on freebsd-stable. Search
for the thread 4.7-R-p3: j.root-servers.net

-- 

  Dan Pelleg
